Date: Tue, 08 Jan 2008 23:13:19 +0100
From: Andre Oppermann
To: Adrian Chadd
Cc: Perforce Change Reviews
Subject: Re: PERFORCE change 132710 for review
Message-ID: <4783F57F.7010201@freebsd.org>
References: <200801071418.m07EIwNn036146@repoman.freebsd.org> <4782A21C.2060504@freebsd.org>
List-Id: p4 projects tree changes

Adrian Chadd wrote:
> On 08/01/2008, Andre Oppermann wrote:
>
>> Reinventing the wheel? Have a look at IPFIREWALL_FORWARD
>> which supports transparent proxying as well.
>
> Yes, but it redirects it to a local listen() socket, effectively spoofing
> the destination IP. The client (i.e., the computer making the connect())
> thinks it's talking to the original destination.
>
> This is meant to implement the other end - spoofing the local IP on
> sockets that you connect() to, spoofing the local IP and not the
> destination IP. This is intended to let a FreeBSD box (with relevant
> symmetrical routing) pretend to be a client on a connect() to a remote
> server.
>
> If this can be done within pf/ipfw right now then please let me know. :)

The IPFIREWALL_FORWARD functionality should be able to do that as well.
The direction of the spoof capture doesn't really matter as long as you
reverse the rule from the traditional transparent proxy example.  The
only missing piece is binding a local socket to a non-local IP address.
That you have to address in netinet/in_pcb.c either with a global sysctl
or an individual socket option.  Should only take a dozen lines or less
to do that (including the sysctl or socket option code).

-- 
Andre
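The missing piece Andre names, binding a local socket to an address the host does not own, is exactly what a per-socket option gives you from userland: FreeBSD's ip(4) documents IP_BINDANY for it (privileged), and Linux has IP_FREEBIND plus the global-sysctl form Andre also mentions, net.ipv4.ip_nonlocal_bind. The C program below is an added example, not code from this thread or from FreeBSD's in_pcb.c; it shows what the socket-option variant looks like to the application and the EADDRNOTAVAIL failure you get without it. The helper name bind_spoofed_source and the use of 192.0.2.1 (TEST-NET-1, never configured locally) are constructed for the example.

```c
/* Added example (not from the thread): attempt to bind a TCP socket to an
 * IPv4 address that is not configured on any local interface, with and
 * without the kernel's "non-local bind" socket option.
 *
 * Assumptions: IP_BINDANY (FreeBSD) or IP_FREEBIND (Linux) is declared in
 * <netinet/in.h>; on FreeBSD the option needs PRIV_NETINET_BINDANY (root). */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#if defined(IP_BINDANY)
#  define NONLOCAL_BIND_OPT IP_BINDANY   /* FreeBSD: privileged */
#elif defined(IP_FREEBIND)
#  define NONLOCAL_BIND_OPT IP_FREEBIND  /* Linux: unprivileged for bind() itself */
#endif

/* Bind a fresh TCP socket to src_ip with an ephemeral port.
 * allow_nonlocal != 0 enables the non-local bind option before binding.
 * Returns 0 on success, otherwise the errno of the call that failed.
 * The socket is closed before returning; only the verdict is reported. */
int bind_spoofed_source(const char *src_ip, int allow_nonlocal)
{
    struct sockaddr_in sin;
    int fd, rc, err = 0, one = 1;

    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = 0;                        /* kernel picks the port */
    if (inet_pton(AF_INET, src_ip, &sin.sin_addr) != 1)
        return EINVAL;

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;

    if (allow_nonlocal) {
#ifdef NONLOCAL_BIND_OPT
        rc = setsockopt(fd, IPPROTO_IP, NONLOCAL_BIND_OPT, &one, sizeof one);
#else
        errno = ENOPROTOOPT;                  /* platform offers no such option */
        rc = -1;
#endif
        if (rc < 0) {
            err = errno;
            close(fd);
            return err;
        }
    }

    /* Without the option, the in_pcb bind path rejects an address that is
     * not local with EADDRNOTAVAIL; with it, the bind goes through and a
     * later connect() will emit SYNs sourced from the spoofed address. */
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0)
        err = errno;
    close(fd);
    return err;
}

int main(void)
{
    /* 192.0.2.1 is a constructed TEST-NET-1 address (RFC 5737), guaranteed
     * not to be assigned to this host. */
    const char *local = "127.0.0.1", *nonlocal = "192.0.2.1";

    printf("bind %-10s plain:        %s\n", local,
           strerror(bind_spoofed_source(local, 0)));
    printf("bind %-10s plain:        %s\n", nonlocal,
           strerror(bind_spoofed_source(nonlocal, 0)));
    printf("bind %-10s nonlocal opt: %s\n", nonlocal,
           strerror(bind_spoofed_source(nonlocal, 1)));
    return 0;
}
```

The bind succeeding is only half of what Adrian wants: the SYN leaves with the spoofed source, so the reply only reaches this box if the path back is routed through it (his "symmetrical routing") and the reversed forward rule captures it; otherwise the connect() simply times out. On FreeBSD expect the third case to fail with EPERM unless run as root, since the option is privileged there.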